Public Safety Committee on Oct. 4th, 2016

Thank you, Mr. Chair. Thank you to the committee for inviting me to appear before you today.

In particular, I will be focusing my comments on the government’s Green Paper, which was recently released. We will present our formal response to Public Safety by December 1. In the meantime, I am happy to provide preliminary comments, in the hope these may be helpful as you prepare to engage with Canadians in several cities across the country.

The stated purpose of the Green Paper is to prompt discussion and debate about Canada’s national security framework, which is broader than the reforms brought about by Bill C-51, the Anti-terrorism Act, 2015. I fully support the need to review the entire legislative framework, not just the changes brought about by Bill C-51. But to do that in a comprehensive way, the focus cannot be only on addressing challenges faced by national security and law enforcement agencies. It must also take into account legislative changes and other developments that have had an impact on human rights, including international information sharing and the need to adopt rules to prevent another tragedy like the one lived by Maher Arar.

In order to ensure our laws adapt to current realities, it is important to consider all that we have learned since 2001, including the revelations of Edward Snowden regarding government information gathering and sharing activities, as well as other known risks regarding the protection of privacy and human rights, including those identified during commissions of inquiry. Obviously, we must also consider recent terrorist threats and incidents.

In my public statements on Bill C-51, I expressed significant concern with the broad information sharing authorized by the Security of Canada Information Sharing Act. I warned that the lowering of thresholds for sharing could lead to large amounts of personal information on law-abiding citizens being disclosed. Edward Snowden demonstrated how government surveillance powers can be used on a massive scale. Unfortunately, there is nothing in the Green Paper that addresses the lowering of legal standards for information sharing.

When Bill C-51 was tabled, the government maintained SCISA was necessary because some federal agencies lacked clear legal authority to share information related to national security. The Green Paper addresses complexity around sharing, which can prevent information from getting to the right institution in time. These references to the complexity of the old law do not clearly explain its shortcomings. Situations where there is no legal authority for sharing information related to national security can be identified, but so far they have not. I strongly urge this committee to ask specific questions on the subject. A clearer articulation of the problems with the previous law would help define a proportionate solution.

The green paper speaks of the challenges of law enforcement getting access to what it calls “basic subscriber information”, which is cast as relatively innocuous on the premise that it does not include the contents of communications. There has been extensive work done by my officials and other technical experts that finds that this subscriber information, or metadata, is far from benign. Daniel Weitzner, who founded the Internet Policy Research Initiative at MIT, considers metadata to be “arguably more revealing [than content] because it's actually much easier to analyze the patterns in a large universe of metadata and correlate them with real-world events than it is to go through a semantic analysis of all of someone's email and all of someone's telephone calls.”

The GCHQ, the British signals intelligence agency, has publicly stated that metadata is more revealing for intelligence purposes than the content of communications. If, as the green paper suggests, new legislation is to be informed by the privacy expectations Canadians have about metadata, Canadians should be clearly advised of the personal information metadata can reveal about them.

The green paper presents a scenario in which a police officer wants to obtain metadata from an Internet service provider but is unable to do so when the investigation is still in its early stages, and there is not enough information to convince a judge to provide authorization. While we appreciate that it might be useful information to have “at the outset of an investigation”, as it says in the green paper, it is unclear to us why neither the evidentiary threshold required to obtain judicial authorization via production order or warrant nor the exigent circumstances exception articulated in R. v. Spencer can be met.

I should add that preservation orders can be obtained on a reasonable grounds to suspect threshold, a very low standard indeed. In that context, we would urge the committee to probe government for precise explanations of why current thresholds are unreasonable and why administrative authorizations to obtain metadata, rather than judicial authorizations, sufficiently protect charter rights.

Encryption, another issue raised in the discussion paper, represents a particularly difficult dilemma. On the one hand, as a technological tool, it is extremely important, even essential, for the protection of personal information in the digital world. On the other hand, as a legal matter, individuals who use it and companies that offer it to their customers are also subject to laws and judicial warrants that may require access to personal information where legitimately needed in cases in which public safety is at risk. Ultimately, the issue is whether it is possible to enable authorized access for the state without creating technological vulnerabilities imperilling the privacy of significant numbers of ordinary citizens. Where it is not possible to do this, I think it is important to ask which of these two important public interests should prevail. We expect to have more to say on this by December.

The green paper lists accountability mechanisms, including ministerial oversight, judicial review, Parliament, and review by independent bodies of experts. On the issue of parliamentary review, I would note that Bill C-22, which proposes to create the national security and intelligence committee of parliamentarians, fills the need for democratic accountability and brings us into alignment with other western democracies. I would note, however, that many agencies that have a role to play in national security or public safety are not currently subject to any independent expert review. This is an omission that, in my view, needs to be addressed.

As I mentioned, my office will be submitting a formal written response to this green paper once we've fully analyzed some of its newer proposals. In the meantime, I would be happy to answer any questions you may have. For instance, I think it would be important to discuss how monitoring of the Internet to prevent radicalization should not create a climate such that ordinary Canadians feel they cannot enjoy fundamental freedoms.

Thank you very much, and I look forward to your questions.

Chair, and members of the committee, it's my pleasure to have the opportunity to present my views on the government's green paper on national security, and the online consultations that Canadians are invited to take part in.

I will focus my brief introductory remarks on the following four issues: the significance and importance of consulting Canadians on national security issues, proposals for utilizing the consultation process, the green paper, and some problems with the green paper.

The first is on the importance of consulting Canadians. All democratic societies seek to establish what is often called a balance between protecting the security of the state and its citizens, and protecting civil liberties. The search for such a balance cannot be left in the hands of government alone. It requires democratic engagement, and ultimately is based on a perception of democratic legitimacy. The Canadian practice for too long has been based on a notion of paternalistic governance on national security matters, rooted in requirements of near absolute citizen trust, in exaggerated concerns about protecting secrets, and assumptions about the inability of our society to fully grasp or even respond well to national security challenges: government knows best.

This set of attitudes is fundamentally outdated, and has been eroded, in particular by the rise of new security threats in the aftermath of the end of the Cold War, and with the ascendency of global terrorism post-9/11. There are new expectations around citizen knowledge and engagement in discussions on national security that must be met.

When last in power, the Liberals issued Canada's first-ever national security strategy, in April 2004. It was an important effort at public education but proved to be an unfortunate one-off. Now the Liberal government has gone a step further and decided to engage in public consultations about Canadians' views on the effective construction of a balance of security and rights protections, framed in part in response to a very divisive parliamentary and public debate around the previous government's introduction of new anti-terrorism measures in Bill C-51.

I fully support the principle of public consultations on national security, particularly in the aftermath of Bill C-51. I'm also hopeful that these consultations can have a real impact, in two ways: first in terms of an improved public understanding of national security threats and responses; and, second, in terms of improved government legislation and policy. I do not accept the view that these consultations are an empty forum designed with a purely political objective in mind. If we decide, as some in the media would like, that public consultations and national security are a form of ragging the puck, then we are truly in a sad shape as a democracy.

The second issue, to raise it very briefly, is a question of how best to utilize the consultation process. A public consultation exercise on national security is historically unprecedented in Canada and has no counterpart that I'm aware of among our close allies. It is an experiment with an unknowable outcome. The government may well find that public responses exceed its expectations, at least in quantity. The Minister of Public Safety has recently stated that some 7,000 responses have already been logged, and there remain two further months before the online consultation is closed. The government has said it intends to use the consultations as a means to improve both policy and legislation, but has provided few details about how it proposes to handle the consultation material.

I would like to see two developments. One is for the government to create an independent expert advisory panel to study the public inputs and come up with their own summary and recommendations. I regard this as important to ensure that, in addition to the expertise provided by their officials, the government can hear other knowledgeable and diverse perspectives. The second desire is for the government to commit to producing a white paper on national security, a new national security strategy out of the green paper process. Beyond that, as part of a transparency initiative, I would like to see it commit to a regular process for the issuance of national security strategy statements to Parliament and the Canadian public. My hope, of course, is that the committee might endorse these ideas.

With regard to the green paper, green papers, as I'm sure you all are aware, are meant to be policy-relevant studies that consider a range of options or scenarios but do not indicate intended policy. The government's green paper entitled “Our Security, Our Rights” was publicly released on September 8, 2016, after a long and difficult internal birth. It comes in two forms: the shorter document, numbering 21 pages, and a longer background document weighing in at 73 pages. In addition, Canadians are encouraged to consult the terrorism threat statement issued just prior to the release of the green paper. The green paper itself was produced by a task force headed by the assistant deputy minister for national and cyber security at the Department of Public Safety and was conducted as an in-house exercise.

The green paper addresses 10 issue areas, to promote, as the minister's foreword indicates, a “framework that upholds both security and rights”. I'm going to very briefly break down these 10 issue areas.

The first two deal with accountability and prevention, and these address Liberal campaign promises. The next four, threat reduction, information sharing, the passenger protect program, and Criminal Code terrorism measures directly address issues raised by the debates around Bill C-51.

There are two further issues around procedures for listing terrorist entities and terrorist financing. The background to their appearance in the green paper is a mystery to me, and I don't regard either of them as particularly amenable to public discussion. They're very technical and perhaps non-controversial.

The final two issues raised are what we might call unresolved and challenging legacy problems. “Investigative Capabilities in a Digital World” revisits a stalled legislative and public debate over what we have long described as lawful access. The intelligence and evidence problem dates back to the decision to create CSIS in 1984 and to separate security intelligence from police work. It was studied more recently and intensively, of course, in the context of Justice Major's Air India inquiry and report.

I would judge at least eight of the 10 issues worthy of public debate. They are both framework issues and, in some cases, directly relate to current anti-terrorism legislation. Of the eight issues identified, the most forward looking concerns investigative capabilities in a digital world. Canada needs a new approach to digital security and digital intelligence gathering, but one that must be embedded in strong privacy and rights protections. On the digital intelligence gathering side, we need a better understanding of metadata collection powers as exercised by Canadian intelligence agencies and of the use of social media intelligence, which is now widespread, and we need better controls to ensure privacy.

I do have some regrets about the green paper's construction. I think it narrows the frame of public discussion too much by its focus on terrorism-related threats alone. The green paper also fails to deliver enough information about the organization of the Canadian security and intelligence community and about the existing capabilities that that community possesses to deal with threats. We cannot find a balance between security and rights in Canada unless our knowledge is sufficiently well balanced to include an understanding of threats, an understanding of available responses to threats, and an understanding of rights.

To conclude, let me turn to some problems I've identified with the green paper itself.

The shorter version of the green paper presents itself as scrupulously neutral and asks very general questions in its conclusion. The longer background document suggests more of an effort to steer the public conversation through selective attention and raises questions, in my mind at least, about the degree to which the government has already made up its mind or been captured by official advice on some issues.

It is important, I think, that the government really listen to the consultation exercise and keep an open mind about policy and legislation in this very complex field. I see some problems in terms of potential closed-mindedness and bureaucratic capture in the following areas.

On accountability, the green paper does not sufficiently address the problems with the existing system of independent external review of security and intelligence agencies, and it does not address the questions of transparency, public education, and sustaining public knowledge.

On prevention, experts will caution against an over-commitment to a theory about radicalization to violence that does not fully reflect the research that has been done to date and may be a problematic concept in other ways.

On threat reduction, the green paper does not ask fundamental questions about whether threat reduction capabilities in the form created by Bill C-51 are needed and who should have the power to deploy them. It makes no distinctions between the very different circumstances of threat reduction activities at home and threat reduction operations abroad.

On domestic national security information sharing, no effort at all is made to genuinely question the changed definition at the heart of SCISA, the Security of Canada Information Sharing Act, which was part 1 of C-51, and that changed definition shifted from, as you will know, section two of the CSIS Act, “threats to the security of Canada”, which has been long our understanding, to something different and admittedly broader called “undermining the security of Canada”.

On passenger protect, Canadians need a commitment to transparency around the no-fly list so that fears of it burgeoning out of size and control can be allayed. I do not mean absolute transparency but an annual reporting of global, anonymized figures for the SATA list, plus more publicly available information about how the SATA list is actually built.

On investigative capabilities in a digital world, this is an important conversation that we need to build into the discussion of controls around metadata collection and the use of social media intelligence.

On intelligence and evidence, it's important to understand this issue is a matter that extends well beyond legal considerations, to include our historical context and the relationship, in particular, between the RCMP and CSIS.

I have not enlarged on any of these concerns but would be happy to address them in questions. I would hope to have a future opportunity to discuss these issues with the committee, particularly when specific amendments to Bill C-51, or new policies and legislation see the light of day.

Thank you.

Bill C-22 is progress in that it would create a committee of parliamentarians. It is important that departments and agencies that work in the national security area be supervised, monitored, and reviewed by elected officials. The democratic legitimacy of that committee is extremely important. I do not think that it is sufficient. Parliamentarians bring democratic legitimacy, but they are not substantive experts.

I think we need both review by elected officials and review by experts in these national security issues, human rights, etc. On the expert review side, Bill C-22 does not deal with that issue. We are left with three national security agencies being the subject of expert review. The majority of the 17 national security agencies, if we look at that world, able to receive information under SCISA, are not the subject of expert review.

I think to have a complete picture it is important that all agencies involved in national security be the subject of expert review and oversight. On the mechanics of this, is it one review body? Is it several? It would need to be discussed. My point is that all departments and agencies involved in national security should be the subject of expert review.

It is certainly a good first step, but I maintain that expert review will continue to be required to review the activities of, say, the Canada Border Services Agency, which did not have much jurisdiction in terms of national security pre-9/11, but is now a very important player in the national security area. I do think it is important that the CBSA, and others, but particularly the CBSA, because it has an important role in national security, be the subject of expert review.

Sure.

The issue with the relevance test, in my view, is that it is such a low threshold that it ultimately creates risks for people who are not suspected of criminal or terrorist activity.

To take a step back for a second, greater information sharing to detect national security threats is a good thing. I do not have a problem with the objective of linking information sharing with the detection of national security threats. In order to achieve the proper balance between threat identification and reduction on the one hand and protection of privacy and human rights on the other, the threshold that authorizes sharing between departments is important. It may look somewhat technical, but it is very important.

I don't think that raising the bar through necessity would paralyze departments. It is important that individual agencies within government be able to share information with a view to—

First of all, the necessity standard is used in Europe, for instance, and so it exists. It's also used in certain provincial legislation and in privacy legislation that is not national security centred, so that threshold exists.

I would have a different view of my level of involvement and engagement, I must say.

I'm not involved greatly in the implementation of SCISA, or what was Bill C-51. What I'm involved in is conducting an independent review of how the executive branch and departments are using and implementing this piece of legislation. I'm not involved in implementing it. I'm involved in reviewing how it is implemented.

I don't have the facts surrounding what happened to Mr. Driver. What this suggests to me is that these assertions that SCISA, or Bill C-51, have helped or were necessary.... I'm open to a demonstration of that, but neither—

Yes. What I'm saying is that the then government.... You're saying that greater information sharing may have assisted in identifying Mr. Driver as a terrorist, and I'm open to a demonstration of that. I would encourage you strongly, as a committee, to ask government officials or others, including the national security agencies, if they could please demonstrate how the previous legislation was deficient in that regard.

What is it in the previous legislation that prevented the type of information sharing that you say is necessary? I'm not disputing that information sharing is useful. It is useful, but there needs to be a demonstration that the previous law was deficient and how it was deficient, so that as parliamentarians, you can then assess how the previous law needed to be changed to reach the goal.